200+ applicantsPosted by Agency

Company

BetterComp · 3 days ago

Security Analyst

United States

Full-time

Remote

Mid Level

$110K/yr - $140K/yr

Maximize your interview chances

Information TechnologySoftware

No H1B

Insider Connection @BetterComp

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Collaborate with policy owners to refine, update, and maintain security policies, ensuring they are specific, actionable, and aligned with the organization’s operational practices.

Ensure policies are reviewed and updated at appropriate intervals to reflect changes in the business environment, technology, and regulations.

Drive personnel awareness and acceptance of security policies, ensuring that all staff understand and comply with the organization’s security requirements.

Work closely with management to ensure that security policies are integrated into job roles and responsibilities across the organization.

Support the translation of policies into practical procedures and practices that can be effectively implemented by teams.

Ensure that personnel understand their part in ensuring a strong security culture, including socialization of security concepts, role specific training, and a trusted contact point to help resolve security concerns.

Collaborate with IT, product, and engineering teams to define appropriate technical controls that support security policies.

Assist in the implementation of these controls, ensuring they are aligned with both security and business objectives, and are demonstrably effective.

Develop and maintain security metrics that provide visibility into the organization’s security posture and help manage compliance and risk.

Regularly report on these metrics to key stakeholders, including leadership, to inform decision-making.

Prepare and organize the necessary documentation and evidence to facilitate external audits, particularly for SOC 2 Type 2 certification.

Work closely with auditors to ensure a smooth and successful audit process, addressing any findings or recommendations.

Identify opportunities to automate security processes and controls, reducing the time and effort required to maintain a robust security posture.

Implement automation tools and strategies that streamline security operations and enhance overall efficiency.

Serve as the point of contact for customer security teams, addressing concerns related to vendor risk management.

Respond to security questionnaires, clarify questions related to the organization’s security policies and controls, and provide detailed explanations as needed.

Build and maintain strong relationships with customer security teams, ensuring their confidence in our organization’s security practices.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Security program managementPolicy lifecycle managementComplianceSecurity frameworksSOC 2NISTGDPRSecurity automation toolsTechnical controlsVendor risk managementAudit facilitationSecurity metrics developmentSecurity monitoringSecurity questionnairesCross-functional collaboration

Required

Proven experience in security program management, policy lifecycle management, and compliance, preferably in a fast-paced, remote work environment.

Strong understanding of security frameworks, regulations, and standards, including SOC 2, NIST and GDPR, and experience in preparing for and facilitating external audits.

Familiarity with security monitoring and technical controls and the ability to work with IT, product, and engineering teams to implement these controls effectively.

Excellent communication skills, with the ability to articulate complex security concepts to both technical and non-technical stakeholders.

Strong organizational skills, with a focus on follow-through and the ability to manage multiple priorities in a dynamic environment.

Experience with security automation tools and techniques, and a proactive approach to identifying and implementing efficiencies in security operations.

A collaborative mindset, with the ability to work effectively with cross-functional teams to achieve security and compliance goals while supporting business objectives.

Experience interfacing with customer security teams, particularly in the context of vendor risk management, security questionnaires, and compliance inquiries.